Identifying Devices

Suppose you feel that for the needs of
your application, you need an actual hardware device identifier. This
turns out to be a tricky problem.

In the past, when every Android device was a phone, things were simpler: TelephonyManager.getDeviceId()
is required to return (depending on the network technology) the IMEI,
MEID, or ESN of the phone, which is unique to that piece of hardware.

However, there are problems with this approach:

Non-phones: Wifi-only devices or music players that don’t have telephony hardware just don’t have this kind of unique identifier.

Persistence: On devices which do have this, it persists
across device data wipes and factory resets. It’s not clear at all if,
in this situation, your app should regard this as the same device.

Privilege:It requires READ_PHONE_STATE permission, which is irritating if you don’t otherwise use or need telephony.

Bugs: We have seen a few instances of production phones
for which the implementation is buggy and returns garbage, for example
zeros or asterisks.

Mac Address

It may be possible to retrieve a Mac address
from a device’s WiFi or Bluetooth hardware. We do not recommend using
this as a unique identifier. To start with, not all devices have WiFi.
Also, if the WiFi is not turned on, the hardware may not report the Mac
address.

Serial Number

Since Android 2.3 (“Gingerbread”) this is available via android.os.Build.SERIAL. Devices without telephony are required to report a unique device ID here; some phones may do so also.

ANDROID_ID

More specifically, Settings.Secure.ANDROID_ID. This is a 64-bit quantity that is generated and stored when the device first boots. It is reset when the device is wiped.

ANDROID_ID
seems a good choice for a unique device identifier. There are
downsides: First, it is not 100% reliable on releases of Android prior
to 2.2 (“Froyo”). Also, there has been at least one widely-observed bug
in a popular handset from a major manufacturer, where every instance
has the same ANDROID_ID.

Conclusion

For the vast majority
of applications, the requirement is to identify a particular
installation, not a physical device. Fortunately, doing so is
straightforward.

There are many good reasons for avoiding the
attempt to identify a particular device. For those who want to try, the
best approach is probably the use of ANDROID_ID on anything reasonably
modern, with some fallback heuristics for legacy devices.